CVE-2024-13744
Booster for WooCommerce 4.0.1 - 7.2.4 - Unauthenticated Arbitrary File Upload
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The Booster for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the validate_product_input_fields_on_add_to_cart function in versions 4.0.1 to 7.2.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
El complemento Booster for WooCommerce para WordPress es vulnerable a la carga de archivos arbitrarios debido a la falta de validación del tipo de archivo en la función validate_product_input_fields_on_add_to_cart en las versiones 4.0.1 a 7.2.4. Esto permite que atacantes no autenticados carguen archivos arbitrarios en el servidor del sitio web afectado, lo que podría posibilitar la ejecución remota de código.
CVSS Scores
SSVC
- Decision:Track*
Timeline
- 2025-01-27 CVE Reserved
- 2025-04-03 CVE Published
- 2025-04-04 CVE Updated
- 2025-04-04 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-434: Unrestricted Upload of File with Dangerous Type
CAPEC
References (2)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Pluggabl Search vendor "Pluggabl" | Booster For WooCommerce Search vendor "Pluggabl" for product "Booster For WooCommerce" | >= 4.0.1 <= 7.2.4 Search vendor "Pluggabl" for product "Booster For WooCommerce" and version " >= 4.0.1 <= 7.2.4" | en |
Affected
| ||||||